The vulnerability was discovered by Atlanta-based app security firm Checkmarx while assessing the Ring doorbell app for Android.
In May 2022, Amazon was alerted about a high-severity security flaw in its hugely popular home security-oriented Ring app for Android. The vulnerability could allow attackers to access camera recordings from Ring and extract sensitive data.
The Ring camera app, which has over 10 million downloads, lets homeowners monitor video recordings from their doorbells and security cameras.
The flaw could expose sensitive user data, including the following:
- Full name
- Email address
- Phone number
Although Amazon quickly fixed the vulnerability in the same month it was discovered, Checkmarx shared the details only on August 18th.
According to the company’s blog post, it was a cross-site scripting flaw that could be exploited in an attack chain to trick victims into installing an infected app. This app could hand over the device’s Authorization Token and extract the session cookie by sending that information, along with the device’s hardware ID, to this endpoint: “ringcom/mobile/authorize.”
The victim is tricked into installing that app, which allows the attacker to collect authentication cookies. These cookies would allow the attacker to access a user’s account without entering the password.
As a result, the malicious app could steal the Ring user’s private information, geolocation data, and camera recordings, including files and computer screens visible to the app’s camera. The malicious actor may also track the homeowners’ movements inside the rooms or the building.
Checkmarx researchers found multiple bugs in the Ring Android app, which could collectively allow attackers to exploit the app and its users with a malicious app or an update to an existing app running on the device.
Checkmarx reported this issue on 1 May 2022, and Amazon fixed it on 27 May in version 220.127.116.11 of the Ring Android app. Ring spokesperson Claudia Fellerman told TechCrunch that the vulnerability, which she described as “extremely difficult” to exploit, wasn’t used in real-world attacks, and customer data wasn’t exposed.
“Based on our review, no customer information was exposed. This issue would be extremely difficult for anyone to exploit because it requires an unlikely and complex set of circumstances to execute.”